Security in family accounts

Lesslame · 4 Dec 2013, 04:41 PM

hi,

if a normal user has "admin rights" for the family account, i.e. he is able to manage the masteruser_account from his own account, this normal user can actually reset the password for the masteruser-account --> effectively taking over the complete family with all email accounts! I tried to avoid this by making the masteruser_account "private", but that seems to be broken? I tried different ways but it seems impossible to make the masteruser "private". Even if it would work: I am afraid the "reset password" option would still be available...?

For a while I tried to get around this problem by using alternative logins with restricted access for my normal user, but then I cannot delete attachments from emails (which I do regularly), so that is not an option for me. If I log into my normal user with an alternative login with full access, I can manage the family and the security problem mentioned above is real.

The only workaround right now: I decided to remove "admin rights" from all normal accounts, now I can only "manage" the family by explicitely logging in with my masteruser-account (and I am using an alternative login with full access here as well to protect my real (very complicated) masteruser_password).

Basically this means that the "admin rights" feature, which allows normal users to manage the family, is too dangerous to use.

Or am I missing something?

cyberpear · 4 Dec 2013, 11:55 PM

I completely agree with your assessment. The "admin rights" feature is too dangerous to use.

Making an account "private" only means that an admin can't see what is inside that account or change its settings without first changing the password and logging into the account as the user.

Lesslame · 9 Dec 2013, 03:16 PM

But it should be easy to fix:
Fastmail should remove the possibility to "reset password" for those users that arrive via "admin rights"! Either remove it only for the superuser-account (still somewhat dangerous) or remove it for all accounts.
At least in my family account I need to reset passwords only once a year on average, so this would be a big improvement and allow me to use the "admin rights" feature again.
I guess the security problem is the same in business packages?
Cheers,
Lesslame

4 Dec 2013, 04:41 PM	#1
Lesslame Junior Member Join Date: Aug 2007 Posts: 9	Security in family accounts hi, if a normal user has "admin rights" for the family account, i.e. he is able to manage the masteruser_account from his own account, this normal user can actually reset the password for the masteruser-account --> effectively taking over the complete family with all email accounts! I tried to avoid this by making the masteruser_account "private", but that seems to be broken? I tried different ways but it seems impossible to make the masteruser "private". Even if it would work: I am afraid the "reset password" option would still be available...? For a while I tried to get around this problem by using alternative logins with restricted access for my normal user, but then I cannot delete attachments from emails (which I do regularly), so that is not an option for me. If I log into my normal user with an alternative login with full access, I can manage the family and the security problem mentioned above is real. The only workaround right now: I decided to remove "admin rights" from all normal accounts, now I can only "manage" the family by explicitely logging in with my masteruser-account (and I am using an alternative login with full access here as well to protect my real (very complicated) masteruser_password). Basically this means that the "admin rights" feature, which allows normal users to manage the family, is too dangerous to use. Or am I missing something?

4 Dec 2013, 11:55 PM	#2
cyberpear Member Join Date: Nov 2012 Posts: 40	I completely agree with your assessment. The "admin rights" feature is too dangerous to use. Making an account "private" only means that an admin can't see what is inside that account or change its settings without first changing the password and logging into the account as the user.

9 Dec 2013, 03:16 PM	#3
Lesslame Junior Member Join Date: Aug 2007 Posts: 9	But it should be easy to fix: Fastmail should remove the possibility to "reset password" for those users that arrive via "admin rights"! Either remove it only for the superuser-account (still somewhat dangerous) or remove it for all accounts. At least in my family account I need to reset passwords only once a year on average, so this would be a big improvement and allow me to use the "admin rights" feature again. I guess the security problem is the same in business packages? Cheers, Lesslame